Initial commit

mozilla · May 17, 2011 · e3c80ac · e3c80ac
1 parent 26000e5
commit e3c80ac
Show file tree

Hide file tree

Showing 4 changed files with 153 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+*.swp
+dist/
+*.egg-info/
+*.pyc
diff --git a/__init__.py b/__init__.py
@@ -0,0 +1 @@
+
diff --git a/garmr.py b/garmr.py
@@ -0,0 +1,103 @@
+#!/usr/bin/python
+
+import httplib
+import urllib2
+from optparse import OptionParser
+
+class Reporter(object):
+    pass
+
+
+class Garmr(object):
+
+    def __init__(self, urls):
+        self.urls = urls
+
+    def xframe_checks(self):
+        try:
+            response = urllib2.urlopen(self.urls) 
+            response_headers = response.headers.headers
+            headers = self._clean_header(response_headers)
+            print "Checking x-frame-options"
+            try:
+                assert headers["x-frame-options"] == "DENY" or \
+            	    headers["x-frame-options"] == "SAMEORIGIN", \
+                	"x-frame-options were: %s" % headers["x-frame-options"]
+
+                print "x-frame-options were correct"
+            except KeyError:
+                print "x-frame-options were not found in headers"
+        except AssertionError, e:
+            print str(e)
+        finally:
+            print "\n"
+
+    def trace_checks(self):
+    	try:
+            print "Checking TRACE is not valid"
+            http_urls = self._clean_url(self.urls) 
+            request = httplib.HTTPConnection(http_urls[0])
+            if len(http_urls) > 1:
+                request.request("TRACE", http_urls[1])
+            else:
+                request.request("TRACE", "/")
+
+            request.getresponse()
+            raise Exception("TRACE is a valid HTTP call")
+        except httplib.BadStatusLine, e:
+            print "TRACE is not valid"
+        except Exception, e:
+            print str(e)
+        finally:
+            print "\n"
+
+
+    def redirect_checks(self):
+        response = urllib2.urlopen(self.urls)
+        try:
+            print "Checking for HTTPS"
+            assert "https://" in response.geturl(), "Have not been redirected to HTTPS"
+            print "Redirected to HTTPS version of site"
+        except AssertionError, e:
+            print str(e)
+        finally:
+            print "\n"
+
+
+    def _clean_header(self, response_headers):
+    	headers = {}
+    	for head in response_headers:
+        	lst = head.strip(" \r\n").split(":")
+	        headers[lst[0]] = lst[1].strip()
+    	return headers
+
+    def _clean_url(self, urls):
+        import re
+        mtch = re.search("https?://([^/]*?)(/.*)?", urls)
+        split = []
+        for matches in mtch.groups():
+            split.append(matches)
+        return split
+
+def main():
+    usage = "Usage: %prog [option] arg"
+    parser = OptionParser(usage=usage)
+    parser.add_option("-u", "--url", action="store", type="string",
+                    dest="aut", help="Url to be tested")
+    parser.add_option("-f", "--file", action="store", type="string",
+                    dest="file_name", 
+                    help="File name with URLS to test, Currently not available")
+
+    (options, args) = parser.parse_args()
+
+    garmr = Garmr(options.aut)
+    garmr.trace_checks()
+    garmr.xframe_checks()
+    garmr.redirect_checks()
+
+
+if __name__ == "__main__":
+
+
+
+    main()
diff --git a/setup.py b/setup.py
@@ -0,0 +1,45 @@
+import os
+import sys
+from setuptools import setup, find_packages
+def main():
+    setup(name='Garmr',
+          version='0.1a',
+          description='A tool for testing a web application for basic security holes',
+          author='David Burns',
+          author_email='dburns at mozilladotcom',
+          entry_points= make_entry_points(),
+          url='https://github.com/AutomatedTester/Garmr',
+          classifiers=['Development Status :: 2 - Pre-Alpha',
+                     'Intended Audience :: Developers',
+                     'License :: OSI Approved :: Mozilla Public License 1.1 (MPL 1.1)',
+                     'Operating System :: POSIX',
+                     'Operating System :: Microsoft :: Windows',
+                     'Operating System :: MacOS :: MacOS X',
+                     'Topic :: Software Development :: Testing',
+                     'Topic :: Software Development :: Libraries',
+                     'Programming Language :: Python'],
+        packages=find_packages()
+)
+
+def cmdline_entrypoints(versioninfo, platform, basename):
+    target = 'garmr:main'
+    if platform.startswith('java'):
+        points = {'garmr': target}
+    else:
+        if basename.startswith("pypy"):
+            points = {'garmr-%s' % basename: target}
+        else: # cpython
+            points = {'garmr-%s.%s' % versioninfo[:2] : target,}
+        points['garmr'] = target
+    return points
+
+def make_entry_points():
+    basename = os.path.basename(sys.executable)
+    points = cmdline_entrypoints(sys.version_info, sys.platform, basename)
+    keys = list(points.keys())
+    keys.sort()
+    l = ["%s = %s" % (x, points[x]) for x in keys]
+    return {'console_scripts': l}
+
+if __name__ == '__main__':
+    main()